Your old emails could be in government inbox now

Customer IT infrastructures are shown last year in the Quality Technology Services Atlanta Metro Data Center. Atlanta has become an exploding market for data centers as the demand for cloud computing grows. (AJC Photo/Jason Getz)

You’ve got mail. And depending on how long its been since you’ve read it, the government can read it, too.

That’s the claim U.S. Rep. Tom Graves made in a district update to his constituents this summer.

"It’s shocking, but true," Graves, R-Ranger, said in the emailed update. "The government does not need a warrant to read your old emails. How can this be? Simply put, our privacy laws are outdated."

Since May, when former government defense contractor Edward Snowden leaked the details of two National Security Agency spy programs that track phone and Internet communications, there has been a heightened interest in how much privacy Americans actually have.

PolitiFact Georgia gets and sends a lot of email. We wanted to know whether our bygone missives could be subject to government perusal, so we went looking for answers.

Graves’ update referenced the Email Privacy Act that he introduced, along with U.S. Reps. Kevin Yoder and Jared Polis, to update the current electronic communication privacy laws. The bill, introduced in May, has gained 137 bipartisan co-sponsors and has been referred to a House committee. The Graves bill is a companion to a similar bill being pushed in the Senate by U.S. Sens. Patrick Leahy and Mike Lee. The Senate bill passed out of committee and is up for a full chamber vote.

If passed, both bills would update the current law that governs data storage, the Electronic Communications Privacy Act. The ECPA, passed in 1986, regulates government access to private information that is transmitted and stored on the Internet, such as email. The law considers emails stored on third-party servers for longer than 180 days as abandoned. The 1986 law allows federal agencies to obtain a subpoena -- but doesn’t require a warrant from a judge -- to view the records. (Emails less than 180 days old do require a judicial warrant to obtain.)

"The (ECPA) was written at a time when people didn’t store emails on a server and there was no cloud. Storage was expensive and most people didn’t keep emails long -- they downloaded things to the desktop," said Mark Stanley, a campaign and communications strategist for the Center for Democracy and Technology, a nonprofit public policy organization that works to improve privacy in communications technology.

When the law was written, users of the early Internet often downloaded emails directly to their hard drives to save them. Service providers deleted messages on their servers immediately to free up valuable storage space. Today, storage space is practically unlimited. Deleting messages from your inbox doesn’t preclude them from still existing on your computer’s hard drive, your email provider’s server, or in the inbox or on the server of the person receiving the email.

Graves’ email privacy act would drop the 180-day provision from the existing law and require a warrant to obtain the emails. The bill "would ensure that Fourth Amendment protections Americans already have for mail, phone calls, and other paper/hard documents are extended to their soft communications too," the three congressmen wrote in a Wired op-ed.

One exception exists to the current electronic communications privacy law, but not in our area. A ruling in a 2010 federal appeals court case, United States v. Warshak, found that police violated a man’s constitutional rights by reading his emails without a warrant. The Supreme Court has not addressed this case, and the ruling only applies to states in the court’s 6th Circuit jurisdiction of Kentucky, Michigan, Ohio and Tennessee.

Because of this ruling, email and Internet companies Facebook, Google, Microsoft and Yahoo require warrants and subpoenas to release emails and other stored data. But there is no guarantee that their requirements would hold up in court.

A coalition of communications, privacy and human rights groups have lobbied Congress to update the current electronic data bill. The Washington Post editorial board urged lawmakers to close the email loophole in a July editorial.

Privacy expert and professor John Soma, who leads the Privacy Foundation at the University of Denver, also vouched for Graves’ claim. Soma said the legislators’ bill is tame in regards to what data management changes should be made to the law.

But getting the bill passed could be difficult. GovTrack, which follows federal legislation, gives Graves’ bill only an 8 percent chance of being enacted; the Senate bill fares a bit better at 14 percent. Soma gives it a better chance, especially after Snowden revealed the government’s surveillance practices.

So, does Graves’ claim about email make it to the inbox or get filtered into junk mail?

The Georgia congressman said the government doesn’t need a warrant to read our old emails. Current law, in place before many modern technology advances, does not include a provision protecting email over 180 days old from the government’s prying eyes.

Graves and a cadre of congressional members are working to update the privacy laws. But in the meantime the old rules stand.

How to contact us

We want to hear your suggestions and comments. Email the Truth-O-Meter with feedback and with claims you'd like to see checked. If you send us a comment, we'll assume you don't mind us publishing it unless you tell us otherwise.